Archive for February, 2009

802.11n and the Apple Airport Extreme

February 25th, 2009

I purchased an Apple Airport Extreme today and brought it home and set it up. Fun stuff. Some initial observations:

There doesn’t seem to be a plain old “router” mode. You can do NAT, you can make it a node that hands out DHCP on your network, or you can just have it do bridge-mode only. I didn’t see any support for actual routing between networks, which is the way I used to have my network set up. It’s not that big of a deal, but I guess that’s why it doesn’t say “Router” on the box.

We have three Macs in the house. To get them connected up at 802.11n, I used the base configuration parameters for wireless, but the connection speed was only 130Mb/s. I wanted more from N, so I switched it to the 5GHz range and N exclusively. This allowed a full connection at 300Mb/s, which is really cool.

Finally, I hooked up three external drives, using an old USB hub hanging off the USB port on the Airport Extreme. All of these drives are formatted MacOS Journaled disks. I selected one of these and made it the disk I wanted to use for Time Machine, kicked off Time Machine and began backups. The initial backup was kind of painful, but then again, I don’t remember what it was before when I had the drive connected directly to my machine.

Here’s a screenie:

Airport Extreme Base Station + Connection


So… recap:

No Router = Bad
N speeds are real = Good
AirDisk + Time Machine = Awesome!!!

I am happy.

Darwin on Politics?

February 21st, 2009

Do you wonder, like I do, what is the driving force behind a successful politician? Is it:

A good spouse?
A good campaign manager?
A good support base?
A good set of values?
Willingness to say what you mean and mean what you say?
Honesty, or at least the ability to drive that perception?
Something else; something noble?

I don’t think any of that is important, outside of the fact that it is important. I think the most vital trait for a politician to have/learn/acquire is the ability to keep a lid on all the things you had to do, all the things you had to say, all the things you had to become, just to ensure that you get where you want to be. It’s the epitome of the phrase “the ends justify the means”. It’s being able to successfully keep those skeletons in the closet, soothe consciences with money and favor, and if necessary, ruin others’ careers and lives, all in the hope that you survive.

Those that cannot succeed at protecting these facts, these truths that must never see the light of day, are culled from the herd. They characterize the weak and the sick in the herd. They are victims of Darwin’s “survival of the fittest” rule. We see them, taken down by the lioness on the hunt, also known as “Public Opinion”.

They say that when you are attacked by a lion, your body shuts off nerve response to the parts of your body affected; that you go numb as you are taken down. It’s one of the reasons that, on the nature shows, we see animals obviously alive but not moving once they’ve been snatched by those horrible jaws. It looks like they just sit there, cognizant of being eaten, but not being able to do anything to prevent it.

http://www.suntimes.com/news/marin/1442552,CST-EDT-carol22.article

Roland, you’re in the jaws of the lioness… you’ve gone numb… you just don’t know it.

Considering ways to reduce the noise… Part 1

February 1st, 2009

I have been banging around some ideas about the best way to implement a blacklist on an Internet perimeter. Here’s what I’ve come up with so far:

1. Use an access list.
2. Use PBR to selectively re-route or deflect traffic.
3. Use a firewall or another inline device of some sort.
4. Use a routing protocol.

Now, out of those ideas, the hardest one to implement in any organization I have ever worked in would be #3, Firewall. Most firewall admins are extremely sensitive to implementing a destination-type control on their systems because of the number of individual objects that need to be maintained, and the number of changes, or “fluidity” of changes that would have to be accounted for to make it an effective tool.

Router-based Access-Lists would only be marginally easier since many network groups run a little faster/looser with their change policies… but the reality is that when you’re talking about potentially thousands of hosts you want to be able to selectively deny access to/from your network, RACLs are going to be the least scalable way to go. Imagine Cisco IOS ACLs thousands of lines long. It won’t be too long before you start having to boot your router off the network and remote-load the config.

Policy-Based Routing is an interesting approach but certain implementations could suffer from the same scalability issues that RACLs suffer from.

Probably the most extensible way to get this done looks like it might be a dynamic routing protocol. Next time, I’ll go over those. For now, some other considerations might be:

How do we know who we want to blacklist?
How do we know when we want to blacklist?
How do we know when we want to stop blacklisting?
Where do we want to implement the control?
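
To put numbers on the RACL scaling concern and the "when do we stop blacklisting" question, here is an added example (not code from the original post) that expires stale entries, collapses adjacent hosts into exact-cover prefixes, and renders the result as IOS extended ACL lines. The sample addresses, expiry dates and the ACL name `BLACKLIST-IN` are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed sample blacklist of (host, expiry). Addresses come from the
# RFC 5737 documentation ranges; they are not real indicators.
SAMPLE = [("192.0.2.%d" % i, "2009-03-01T00:00:00") for i in range(16)] + [
    ("198.51.100.7", "2009-03-01T00:00:00"),
    ("198.51.100.9", "2009-02-01T00:00:00"),  # expires first
    ("203.0.113.4", "2009-03-01T00:00:00"),
    ("203.0.113.5", "2009-03-01T00:00:00"),
]

def active_hosts(entries, now):
    """Keep only hosts whose expiry is still in the future ("when do we stop?")."""
    return [h for h, exp in entries if datetime.fromisoformat(exp) > now]

def aggregate(hosts):
    """Collapse /32s into the fewest prefixes that cover exactly the same
    addresses, so nothing outside the blacklist is blocked."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(h) for h in hosts))

def acl_entries(prefixes, direction):
    """Render IOS extended-ACL deny lines. 'in' matches the blacklisted
    address as source, 'out' as destination."""
    lines = []
    for net in prefixes:
        if net.prefixlen == 32:
            match = "host %s" % net.network_address
        else:
            match = "%s %s" % (net.network_address, net.hostmask)  # wildcard mask
        lines.append(" deny ip %s any" % match if direction == "in"
                     else " deny ip any %s" % match)
    return lines

def build_acl(name, entries, now, direction):
    """Full ACL text; 'name' is a hypothetical ACL name chosen for this example."""
    body = acl_entries(aggregate(active_hosts(entries, now)), direction)
    return ["ip access-list extended %s" % name] + body + [" permit ip any any"]

if __name__ == "__main__":
    now = datetime(2009, 2, 15)
    hosts = active_hosts(SAMPLE, now)
    print("%d active hosts -> %d ACL entries per direction"
          % (len(hosts), len(aggregate(hosts))))
    print("\n".join(build_acl("BLACKLIST-IN", SAMPLE, now, "in")))
```

Aggregation only helps when blacklisted hosts happen to be adjacent; scattered hosts still cost one entry each, per direction, which is the scaling problem described above.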

Lots to do here… stay tuned!